Module 6: Data Protection

Overview
What does Data Protection include?

Using locking modes to achieve concurrency and consistency

Protecting data from unauthorized users and authorized users who are trying to update the same data simultaneously Implementing database security features to protect the database, database objects and data Using auditing features to monitor database activity

Concurrency and Consistency

Isolation Levels and Concurrency Issues
Isolation Table
Read Uncommitted Read Committed Repeatable Read Serializable

Dirty Read
Possible Not Possible Not Possible Not Possible

Non-Repeatable Read
Possible Possible Not Possible Not Possible

Phantom Read
Possible Possible Possible Not Possible

Concurrency and consistency are mutually opposing goals

Oracle supports Read Committed and Serializable isolation levels

Achieves other levels through Row Versioning SQL Server Removes Writers Blocking Readers Readers Blocking Writers with Snapshot Isolation SQL Server Supports all Four Isolation levels

Locking
Locking granularity

Oracle Locking

Table Level Row level (default) Table Partition Page Row (default)

SQL Server Locking

SQL Server supports lock escalation Explicit locking can be achieved by using lock hints in Both DBMS

Demonstration: Isolation Level Behaviors

Demonstration:
Isolation Level Behaviors

Database Security
Security is implemented in both DBMSs using logins and privileges Users can be classified as:
Schema owners (SQL Server database object owners)

Application users
Administrative users

User authentication can be achieved through the operating system login or database login or contained database SQL Server security depends on Windows security for features such as password expiration

Privileges and Roles

Oracle and SQL Server both contain:
System-level privileges to perform actions against any object in the database
Object-level privileges to perform actions against specific schema objects

Roles Group System-level and object-level privileges SQL Server fixed and user-defined roles : Server and Database Application roles in SQL Server Implemented using application logic Password protected

Demonstration: SQL Server Instance Security

Demonstration:
SQL Server Instance Security

Auditing
Auditing facilitates database activity monitoring Monitoring statements, privileges, or objects Oracle audit key DDL and DML statements. SQL Server all actions (DDL and DML) are auditable. SQL Server Profiler offers various events that can be used for auditing. DDL triggers and even notifications can aid in auditing SQL Server server-level auditing is available in all editions, provides T-SQL stack frame info, and more resilient. SQL Server supports user-defined audit group and audit filtering

Review
We defined concurrency and consistency and saw the challenges they offer We learned how concurrency and consistency can be balanced by use of isolation levels implemented using lock modes We learned about login and authentication at the database system level and database level, the various system and object level privileges and privilege management using roles We learned the basics of auditing functionality in SQL Server as compared to Oracle